3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .
International Bureau (PCT Rule 17.2(a)).
* Certified copies not received: .
Paper No./Mail Date .

EXAMINER'S AMENDMENT

1. An examiner's amendment to the record appears below. Should the changes
and/or additions be unacceptable to applicant, an amendment may be filed as provided
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given in a telephone interview 
with Aslam Jaffery and Charles Grey on 10/28/05. 

The application has been amended as follows:

(Currently Amended) A method for preventing packet retransmissions during
Internet Protocol (IP) security (IPsec) security association establishment
comprising:

monitoring application socket requests;

requesting a Transmission Control Protocol (TCP) connection by an application;

determining if there is an active IPsec security association that exists to protect

preventing the connection request from proceeding to the Transmission Control
Protocol of the TCP/IP layer stack if no active IPsec security association
exists to protect the network flow;

determining if an IPsec security policy exists for the network flow if no active

alerting a security association negotiation component to initiate negotiation for the
IPsec security association based on the IPsec security policy if the IPsec

and

allowing the connection request to proceed to the Transmission Control Protocol

if one of the active IPsec security associatio



:?.ecur}tyiB^ 



after the IPsec

3. (Currently Amended) The method of claim 1, wherein the IPsec security
association is based on one or more of: a source Internet Protocol (IP) address, a
destination IP address, a protocol, a source port, and a destination port.

8.

information comp (IP) IP address,

10. (Currently Amended) A method for preventing pra^
Internet Protocol (IP) security (IPsec)
comprising:

monitoring application socket requests;
requesting transmissi^
application;

association;
determining if there is a defi^
socket has
IPsec security association;

layer Transmission Control Protocol (TCP)/IP stack if there is no defined

I-:-:-:-:-:-:;:- : : : | : : : &L«o^in^: ci- se^WU^^y : *^©0*5"i 'fiMpyi;=«egOl5aclio«i: -to : JjTlltiat»:X^gdti;^i0Il- "for 7 :!!!^ ;i : : : : - : 

that may be used to protect the network flow;
establishing the IPsec security association; and

association

13. (Currently Amended) The method of claim 10, wherein the second determining
comprises
IP address, a destination IP
port, wherein the destination port includes one or more of a source Internet
Protocol (IP) IP address, a destination IP
destination port related to the network flow.

• : .-;Vl^:. : -';; :: '(OjTO 

a network;

. q np^v^Tk in^^^tnr>iRrwftRTi iWaf^applicationlaye^-and the Tran&mtssion 
Control Protocol (TCP) of the TCP/IP layer TCP/Internet Protocol (IP)
stack coupled with Aq'nofa-brfc the network interceptor to monitor a TCP
connection re^^^
a security^



Application/Control Number: 09/592,841 Page 6 

Art Unit: 2132 



a negotiation of an IPsec security association;
a security association negotiation
interceptor
IPsec

connection request and to establish the IPsec security association;
the network interceptor to

established; and
an IPsec IPsec packet classifier.

performing IPsec processing on incoming and outgoing packets, wherein

the network interceptor

place before allowing network traffic to flow between the application and
the Transmission Control Protocol TCP/IP layer.



18.

(Currently

information comprises one or more of: Internet Protocol (IP) IP addresses, a

20. (Currently Amended) A machine-readable medium having stored thereon data

machine to:
monitor application socket requests;

request a Transmission Control Protocol (TCP) connection by an application;
determine if th

association that exists to protect network flow associated with the
connection request;

Protocol of the TCP/IP layer stack if no active IPsec security association
exists to protect the network flow;
determine if an IPsec security policy exists for the network flow if no active IPsec
security association exists to protect the network flow;

security association negotiation component to initiate negotiation for an
IPsec security association based on the IPsec security policy if the IPsec
security policy exists for the network flow; and

allow the connection request to proceed to the Transmission Control Protocol if
one of the active IPsec security associations exist and after the IPsec
security association is established from the negotiation.

■: : : : :-:;:j: : : : :j: : 2'3^ 

: x : > ^active IPse£ ^cm 
: I Protocol 
24.

(Currently Amended) A machine-readable medium having stored thereon data
machine to:

monitor application socket requests;
request

application;

determine if

security (IPsec) IPsec security association;
determine if there is a defined IPsec security association that may be used to

protect network flow if the socket has not been associated with an active
IPsec security association;
determine what IPsec security policy should be used when negotiating an IPsec
security association for the network flow if there is no defined IPsec

security association that may be used to protect the network flow;
prevent the data from being sent to the User Datagram Protocol of the

Transmission Control Protocol (TCP)/IP TCP/IP layer stack if there is no
defined IPsec security association that may be used to protect the network;

that may be used to protect the network flow;
establish the
allows

association;

26. (Currently Amended) The machine-readable medium of claim 24, ^rthen- caiis c

negotiates for the IPsec security association using IPsec security
specified by an IPsec security policy.

: : : : : : :2

active IP one or more of: a source Internet

30. (Currently Amended) The system of claim 17, wherein the IPsec security

association

component.

2. The following is an examiner's statement of reasons for allowance. The present
invention is directed to a method and system for securing communications across a
network using IP Security. More specifically, independent claims 1, 17 and 20 identify
the uniquely distinct features: requesting a TCP connection request by an application,
determining if there is an active IPSec security association that exists to protect the
network flow associated with the TCP connection request, and negotiating for an IPSec
security association based on a policy if no active IPSec security association exists, the
determining and negotiating steps are done before the connection request can proceed
to the Transmission Control Protocol of the TCP/IP stack. Independent claims 10 and
24 are similar to claim 1, 17 and 20 in terms of controlling the data flow from the
application; the difference is that claims 10 and 24 deal with a UDP transmission
request. The closest prior art, Attwood et al. (6,347,376), teaches searching for an
IPSec security association either at the TCP or UDP layer as opposed to searching at
the IP layer in conventional art. However, Attwood does not disclose searching for an
IPSec security association above the TCP or UDP layer. The prior art, taken either
singly or in combination, fails to anticipate or fairly suggest the limitations of applicant's
independent claim, in such a manner that a rejection under 35 U.S.C. 102 or 103 would
be proper. The claimed invention is therefore considered to be in condition for
allowance as being novel and nonobvious over prior art.

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802.
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).